#!/usr/bin/env bash

# ----------------------------------------------------------------------
# Filename	:  login
# Version	:  1.0
# Date		:  2022/02/18
# Author	:  Lz
# Email		:  liuzuo@kylinos.com.cn 
# History	:     
#            	   Version 1.0, 2022/02/18
# Function	:  限制系统无关账号登录
# Out		:        
#              0 => TPASS
#              1 => TFAIL
#              other=> TCONF
# ----------------------------------------------------------------------

# 测试主题
Title_Env_LTFLIB="安全加固(接入类) - 用户登录限制"

# 新增用户
UserName_passwd="ltf_login_$RANDOM"
AddUserNames_LTFLIB="$UserName_passwd"

## TODO : 个性化,初始化
#   Out : 0=>TPASS
#         1=>TFAIL
#         2=>TCONF
TestInit_LTFLIB(){
	# 判断是否存在变量
        if [ "Z${Login_Access_SSRFlag}" == "Z" ];then
                OutputRet_LTFLIB "${ERROR}"
                TestRetParse_LTFLIB "未定义变量 Login_Access_SSRFlag"
        elif [ "Z${Login_Access_SSRFlag}" != "ZTrue" -a "Z${Login_Access_SSRFlag}" != "ZFalse" ];then
                OutputRet_LTFLIB "${ERROR}"
                TestRetParse_LTFLIB "Login_Access_SSRFlag 无效的参数: ${Login_Access_SSRFlag}"
        fi

        return $TPASS
}


## TODO : 清理函数
#   Out : 0=>TPASS
#         1=>TFAIL
#         2=>TCONF
TestClean_LTFLIB(){
        return $TPASS
}


## TODO : 测试用例集
#   Out : 0=>TPASS
#         1=>TFAIL
#         2=>TCONF
Testsuite_LTFLIB(){
        testcase_1

        return $TPASS
}


## TODO ： 限制系统无关用户登录 
#
testcase_1(){
	# 判断是否需要限制用户登录
	if [ "Z${Login_Access_SSRFlag}" == "ZFalse" ];then
		OutputRet_LTFLIB ${TPASS}
                TestRetParse_LTFLIB "当前未限制系统用户登录"
		return $TPASS
	fi

	local flag="/sbin/nologin"
        local passwdfile="/etc/passwd"
	local usernames=("root" "sysadm" "secadm" "audadm" "${UserName_passwd}" ${Retain_Access_SSRFlag})
	local username=""
	local goodusers=""
	local failusers=""

	# 判断系统管理员、审计管理员、安全管理员、root、普通用户均不为/sbin/nologin
	for username in ${usernames[@]}
	do
		cat $passwdfile | grep -E "^${username}:"
		# 判断用户是否存在
		if [ $? -eq 0 ];then
			cat $passwdfile | grep -E "^${username}:" | grep -Eq "${flag}$"
		 	if [ $? -eq 0 ];then
				failusers="${failusers} ${username}"
			else
				goodusers="${goodusers} ${username}"
			fi
		else
			# 不存在此用户
			OutputRet_LTFLIB ${TPASS}
        	        TestRetParse_LTFLIB "不存在用户${username}"
		fi
	done

	if [ "Z${goodusers}" != "Z" ];then
		OutputRet_LTFLIB ${TPASS}
		TestRetParse_LTFLIB "要求用户(${goodusers} )默认shell不为${flag}" "False"
	fi

	if [ "Z${failusers}" != "Z" ];then
		OutputRet_LTFLIB ${TFAIL}
		TestRetParse_LTFLIB "要求用户(${failusers} )默认shell不为${flag}" "False"
	fi

	failusers=""
	# 判断非系统管理员、审计管理员、安全管理员、root、普通用户均为/sbin/nologin
	local rowstr=""
	while read rowstr
	do
		username=`echo ${rowstr} | awk -F ":" '{print $1}'`
		echo ${usernames[@]} | grep -q "${username}"
		if [ $? -ne 0 ];then
			echo ${rowstr} | grep -q "${flag}$"
			if [ $? -ne 0 ];then
				echo ${rowstr}
				failusers="${failusers} ${username}"
			fi
		fi
	done < ${passwdfile}

	if [ "Z${failusers}" == "Z" ];then
		OutputRet_LTFLIB ${TPASS}
		TestRetParse_LTFLIB "除系统管理员、审计管理员、安全管理员、root、普通用户之外的用户,默认shell均为${flag}"
	else
		OutputRet_LTFLIB ${TFAIL}
		TestRetParse_LTFLIB "存在用户(${failusers} )默认shell不是${flag}"
	fi
}


#----------------------------------------------#

source "${LIB_LTFLIB}"
Main_LTFLIB $@
